CN112087429A - Computer network safety control system and control method thereof - Google Patents

Computer network safety control system and control method thereof

Info

Publication number
CN112087429A
Authority
CN
China
Prior art keywords
attack
module
server
intrusion
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010783414.1A
Other languages
Chinese (zh)
Inventor
崔安宇
陈善球
方瑞莲
宋伟奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liuzhou Fengyasang Technology Co ltd
Original Assignee
Liuzhou Fengyasang Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liuzhou Fengyasang Technology Co ltd filed Critical Liuzhou Fengyasang Technology Co ltd
Priority to CN202010783414.1A priority Critical patent/CN112087429A/en
Publication of CN112087429A publication Critical patent/CN112087429A/en
Withdrawn legal-status Critical Current


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention discloses a computer network security control system and a control method thereof, wherein the system comprises a server, a hacker intrusion detection module, a virus attack detection module, a system protection detection module, a data storage module, a network on-off control module, a power supply module and an early warning display module; the invention is provided with the hacker intrusion detection module, the virus attack detection module and the system protection detection module, so that the protection of the system is more comprehensive, and the system safety can be well ensured; the early warning display module is arranged, so that early warning information is more detailed, and classified early warning of system safety is realized; the data storage module is divided into an internal storage hard disk and an external storage hard disk, and an internal standby hard disk is connected with the internal storage hard disk, so that the data security of the system is ensured from multiple aspects.

Description

Computer network safety control system and control method thereof
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a computer network security control system and a control method thereof.
Background
With the progress of computer technology, the information age has arrived and people depend more and more on networks; in particular, the information infrastructure formed by combining computer technology and communication technology has become an important infrastructure reflecting the characteristics of the information society. The openness and freedom of the network also create the possibility that private information and data may be corrupted or stolen, so network security is becoming increasingly important.
Publication CN110855657A discloses a computer network security control system comprising a network monitoring module, an abnormity determination terminal, a port monitoring terminal, a port library, a sealing unit, a controller, a display unit and a data correction unit, wherein the abnormity determination terminal analyzes the abnormal condition of the network, and if the determination result is an abnormal state, the sealing unit blocks and blacklists the network port, the network port is forbidden from accessing the network, and the network port of the software is deleted. That scheme monitors the network ports of networked software in the computer and judges a network port to be in an abnormal state when its network speed changes suddenly or stays high; because it relies on this single criterion, its protection range is limited.
The scheme solves the defects of the existing computer network safety control system to a certain extent, but still has a place worthy of improvement.
Disclosure of Invention
In order to solve the problems of computer network security control, the invention provides a computer network security control system and a control method thereof.
The purpose of the invention can be realized by the following technical scheme: a computer network security control system and its control method, including a server, a hacker intrusion detection module, a virus attack detection module, a system protection detection module, a data storage module, a network on-off control module, a power supply module and an early warning display module;
the hacker intrusion detection module analyzes a data packet invaded by a hacker, establishes an intrusion characteristic library, and compares and matches the received data packet with the intrusion characteristic library, and the specific detection steps are as follows:
step one: establishing an intrusion characteristic library by analyzing the intrusion modes of hackers;
step two: analyzing the data packet received by the system, comparing and matching the analysis result with the attack mode in the intrusion feature library, if the matching is successful, sending a hacker intrusion instruction to the server, and sending a mark corresponding to the attack mode to the server; if the matching is unsuccessful, the hacker intrusion detection module does not respond;
step three: the characteristic database and the sent hacker intrusion instruction record are sent to a data storage module through a server;
the virus attack detection module is used for detecting whether a system is attacked by viruses or not, and the specific detection steps are as follows:
q1: the starting speed of the system is detected by a system starting speed detection unit and is marked as $V_q$; the opening speed of files in the system is detected by a file opening speed detection unit and is marked as $V_d$; the loading speed of programs in the system is detected by a program loading speed detection unit and is marked as $V_j$;
Q2: by the formula
Figure BDA0002621035520000021
Acquiring an operation speed V, wherein alpha, beta and gamma are specific proportionality coefficients;
q3: counting the resource occupation condition in the system through a system resource detection unit, and marking the resource occupation rate as Z;
q4: the integrity of the files stored in the system is verified through a file integrity detection unit, wherein the file integrity detection unit is provided with a digital abstract database of the files, and the specific verification steps are as follows:
w1: calculating a digital abstract (message digest) of each file in the system through a hash algorithm;
w2: comparing the calculated digital abstract with the digital abstract of the corresponding file in the digital abstract database;
w3: counting the proportion of files whose calculated digital abstract differs from the one in the digital abstract database, relative to the total number of files, and marking the proportion as E;
q4: by the formula B ═ V.e-·Z+EAcquiring a virus threat coefficient B, wherein the virus threat coefficient B is a specific proportionality coefficient;
q5: when the virus threat coefficient is less than or equal to a preset threshold value, the virus attack detection module does not respond; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
q6: sending the virus threat coefficient and the record for sending the virus attack instruction to a data storage module through a server;
the system protection detection module comprises a firewall detection unit and an intrusion feature library detection unit, and the specific detection steps are as follows:
r1: detecting the starting state and the updating state of the system firewall through a firewall detection unit, marking the starting state $Q$ of the firewall as "1" when the firewall is started, and as "0" when the firewall is not started; when the firewall has been updated, its update state $G_F$ is marked as "1", and when the firewall has not been updated, its update state $G_F$ is marked as "0";
r2: detecting the update state of the intrusion feature library through an intrusion feature library detection unit; when the intrusion feature library has been updated, its update state $G_T$ is marked as "1", and when the intrusion feature library has not been updated, its update state $G_T$ is marked as "0";
r3: obtaining a system protection safety factor $F$ by the formula $F = Q \cdot G_F \cdot G_T$; when the system protection safety factor is less than or equal to a set threshold value, the system protection detection module does not respond; and when the system protection safety factor is greater than the set threshold value, the system protection detection module sends a system protection instruction to the server.
Preferably, the power supply module is used for supplying power to each module of the system, the power supply module comprises a main power supply and a standby power supply, the main power supply is used for supplying power for daily work of each module of the system, the standby power supply is started under the condition that the main power supply cannot work when an emergency occurs, the power supply module independently supplies power for the early warning display module and the data storage module, and a power supply on-off control module is arranged between the power supply and each module.
Preferably, the hacker intrusion mode includes a Land attack, a TCP SYN attack, a Ping Of Death attack, a WinNuke attack, a Teardrop attack, and a TCP/UDP port scanning attack, and the specific analysis steps include:
s1: when the source address and the target address of the data packet are the same, judging that the attack mode is Land attack, and marking the Land attack as L;
s2: when SYN connection received in unit time exceeds a threshold value set by a system, judging that the attack mode is TCP SYN attack, and marking the attack mode as S;
s3: when the size Of the data packet is larger than 65535 bytes, judging that the attack mode is Ping Of Death attack, and marking the attack mode as D;
s4: when the target port of the data packet is 137, 138 or 139 and the URG bit is 1, judging that the mode is WinNuke attack and marking the mode as W;
s5: when the fragment offset of the fragmented data in the data packet is wrong, judging that the attack mode is a Teardrop attack, and marking the Teardrop attack as T;
s6: when the data packet sends a connection request to an unused port, the attack mode is judged to be TCP/UDP port scanning attack, and the attack mode is marked as U.
Preferably, the virus attack detection module includes an operation speed detection unit, a system resource detection unit and a file integrity detection unit, and the operation speed detection unit includes a system start speed detection unit, a file open speed detection unit and a program loading speed detection unit.
Preferably, the data storage module is used for storing system data, the data storage module comprises an internal storage hard disk, an internal standby hard disk and an external storage hard disk, and a network on-off control module is arranged between the data storage module and the server.
Preferably, the early warning display module comprises an intelligent terminal and an alarm lamp, the intelligent terminal comprises an intelligent mobile phone, an intelligent display and a notebook computer, the early warning display module is connected with the server through an Ethernet, when the server receives a hacker intrusion instruction, the server sends the hacker intrusion display instruction and an intrusion mode to the intelligent terminal, and the alarm lamp is set to be red; when the server receives a virus attack instruction, the server sends a virus attack display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be blue; when the server receives a system protection instruction, the server sends a system protection display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be yellow, and the type of the alarm lamp is ssjd-001.
Preferably, the network on-off control module is used for controlling whether the data storage module is accessed, when the server does not receive a hacker intrusion instruction and a virus attack instruction, the network on-off control module controls the internal storage hard disk and the external storage hard disk to be simultaneously connected with the server, and when the server receives the hacker intrusion instruction and the virus attack instruction, the network on-off control module controls to cut off the connection between the internal storage hard disk and the server and keep the connection between the external storage hard disk and the server.
The invention has the beneficial effects that:
the invention is provided with a hacker intrusion detection module, which analyzes and learns the intrusion modes of hackers, establishes an intrusion characteristic library, and determines whether a hacker intrusion has occurred by comparing and matching data packets with the intrusion characteristic library; if the matching is successful, the hacker intrusion detection module sends a hacker intrusion instruction to the server; a virus attack detection module is provided, which detects the system starting speed, the file opening speed and the program loading speed and calculates the running speed from them by a formula, detects the resource occupancy rate of the system through a system resource detection unit, detects through a file integrity detection unit the proportion of files whose digital abstract differs from the digital abstract database relative to the total number of files, and obtains a virus threat coefficient by a formula; if the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server; a system protection detection module is provided, which detects the starting state of the firewall, the updating state of the firewall and the updating state of the intrusion feature library and calculates the system protection safety coefficient through a formula; when the system protection safety coefficient is larger than a preset threshold value, the system protection detection module sends a system protection instruction to the server; the hacker intrusion detection module, the virus attack detection module and the system protection detection module are used jointly, so that the protection of the system is more comprehensive and the system security can be well ensured;
the early warning display module is arranged, corresponding information is displayed after the early warning display module receives an instruction of the server, the warning lamps are set to be different colors according to different instructions, the early warning information is more detailed, and classified early warning of system safety is realized;
the data storage module of the invention is divided into an internal storage hard disk and an external storage hard disk, and is also provided with an internal standby hard disk connected with the internal storage hard disk, when the server is invaded by hackers or attacked by viruses, the connection between the internal storage hard disk and the server can be cut off in time by the network on-off control module, and the internal standby hard disk is used for carrying out timing backup on the data of the internal storage hard disk, thereby ensuring the data security of the system from multiple aspects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic block diagram of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a computer network security control system and a control method thereof includes a server, a hacker intrusion detection module, a virus attack detection module, a system protection detection module, a data storage module, a network on-off control module, a power supply module and an early warning display module;
the hacker intrusion detection module analyzes the data packet invaded by the hacker, establishes an intrusion characteristic library, and compares and matches the received data packet with the intrusion characteristic library, and the specific detection steps are as follows:
step one: establishing an intrusion characteristic library by analyzing the intrusion modes of hackers;
step two: analyzing the data packet received by the system, comparing and matching the analysis result with the attack mode in the intrusion feature library, if the matching is successful, sending a hacker intrusion instruction to the server, and sending a mark corresponding to the attack mode to the server; if the matching is unsuccessful, the hacker intrusion detection module does not respond;
step three: the characteristic database and the sent hacker intrusion instruction record are sent to a data storage module through a server;
the virus attack detection module is used for detecting whether the system is attacked by the virus, and the specific detection steps are as follows:
q1: the starting speed of the system is detected by a system starting speed detection unit and is marked as $V_q$; the opening speed of files in the system is detected by a file opening speed detection unit and is marked as $V_d$; the loading speed of programs in the system is detected by a program loading speed detection unit and is marked as $V_j$;
Q2: by the formula
Figure BDA0002621035520000081
Acquiring an operation speed V, wherein alpha, beta and gamma are specific proportionality coefficients;
q3: counting the resource occupation condition in the system through a system resource detection unit, and marking the resource occupation rate as Z;
q4: the integrity of the files stored in the system is verified through a file integrity detection unit, a digital abstract database of the files is arranged in the file integrity detection unit, and the specific verification steps are as follows:
w1: calculating a digital abstract (message digest) of each file in the system through a hash algorithm;
w2: comparing the calculated digital abstract with the digital abstract of the corresponding file in the digital abstract database;
w3: counting the proportion of files whose calculated digital abstract differs from the one in the digital abstract database, relative to the total number of files, and marking the proportion as E;
q4: by the formula B ═ V.e-·Z+EAcquiring a virus threat coefficient B, wherein the virus threat coefficient B is a specific proportionality coefficient;
q5: when the virus threat coefficient is less than or equal to a preset threshold value, the virus attack detection module does not respond; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
q6: sending the virus threat coefficient and the record for sending the virus attack instruction to a data storage module through a server;
the system protection detection module comprises a firewall detection unit and an intrusion feature library detection unit, and the specific detection steps are as follows:
r1: detecting the starting state and the updating state of the system firewall through a firewall detection unit, marking the starting state $Q$ of the firewall as "1" when the firewall is started, and as "0" when the firewall is not started; when the firewall has been updated, its update state $G_F$ is marked as "1", and when the firewall has not been updated, its update state $G_F$ is marked as "0";
r2: detecting the update state of the intrusion feature library through an intrusion feature library detection unit; when the intrusion feature library has been updated, its update state $G_T$ is marked as "1", and when the intrusion feature library has not been updated, its update state $G_T$ is marked as "0";
r3: obtaining a system protection safety factor $F$ by the formula $F = Q \cdot G_F \cdot G_T$; when the system protection safety factor is less than or equal to a set threshold value, the system protection detection module does not respond; and when the system protection safety factor is greater than the set threshold value, the system protection detection module sends a system protection instruction to the server.
The power supply module is used for supplying power to all modules of the system, the power supply module comprises a main power supply and a standby power supply, the main power supply is used for supplying power for daily work of all modules of the system, the standby power supply is started under the condition that the main power supply cannot work when an emergency occurs, the power supply module independently supplies power for the early warning display module and the data storage module, and a power supply on-off control module is arranged between the power supply and each module.
The hacker intrusion mode comprises a Land attack, a TCP SYN attack, a Ping Of Death attack, a WinNuke attack, a Teardrop attack and a TCP/UDP port scanning attack, and the specific analysis steps are as follows:
s1: when the source address and the target address of the data packet are the same, judging that the attack mode is Land attack, and marking the Land attack as L;
s2: when SYN connection received in unit time exceeds a threshold value set by a system, judging that the attack mode is TCP SYN attack, and marking the attack mode as S;
s3: when the size Of the data packet is larger than 65535 bytes, judging that the attack mode is Ping Of Death attack, and marking the attack mode as D;
s4: when the target port of the data packet is 137, 138 or 139 and the URG bit is 1, judging that the mode is WinNuke attack and marking the mode as W;
s5: when the fragment offset of the fragmented data in the data packet is wrong, judging that the attack mode is a Teardrop attack, and marking the Teardrop attack as T;
s6: when the data packet sends a connection request to an unused port, the attack mode is judged to be TCP/UDP port scanning attack, and the attack mode is marked as U.
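The six matching rules S1 to S6 (listed here and in the Disclosure section above) can be expressed as one stateful matcher; the following Python is an added example, not code from the patent. The `Packet` fields, the `IntrusionMatcher` class, the overlap test used for a "wrong" fragment offset and the set of open ports are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

MAX_DATAGRAM = 65535             # S3 size limit from the text
NETBIOS_PORTS = {137, 138, 139}  # S4 ports from the text


@dataclass(frozen=True)
class Packet:
    """Already-parsed packet record; the field names are assumptions."""
    ts: float                       # arrival time, seconds
    src: str
    dst: str
    proto: str = "tcp"              # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags such as {"SYN"}
    ip_id: int = 0                  # IP identification (groups fragments)
    frag_offset: int = 0            # fragment offset in bytes
    more_fragments: bool = False    # IP MF bit
    length: int = 0                 # bytes of IP payload in this packet


class IntrusionMatcher:
    """Stateful matcher returning the marks L, S, D, W, T, U for one packet."""

    def __init__(self, open_ports, syn_threshold=100, window=1.0):
        self.open_ports = set(open_ports)     # ports the host really serves
        self.syn_threshold = syn_threshold    # S2 "threshold set by the system"
        self.window = window                  # S2 "unit time", seconds
        self._syn_times = defaultdict(deque)  # dst -> recent SYN timestamps
        self._frag_end = {}                   # (src, dst, ip_id) -> highest byte seen

    def classify(self, p):
        marks = []
        if p.src == p.dst:                                   # S1 Land
            marks.append("L")

        is_syn = p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags
        if is_syn:                                           # S2 TCP SYN
            recent = self._syn_times[p.dst]
            recent.append(p.ts)
            while p.ts - recent[0] > self.window:            # slide the window
                recent.popleft()
            if len(recent) > self.syn_threshold:
                marks.append("S")

        if p.frag_offset + p.length > MAX_DATAGRAM:          # S3 Ping Of Death
            marks.append("D")

        if p.proto == "tcp" and p.dport in NETBIOS_PORTS and "URG" in p.flags:
            marks.append("W")                                # S4 WinNuke

        if p.more_fragments or p.frag_offset > 0:            # S5 Teardrop
            key = (p.src, p.dst, p.ip_id)
            seen_end = self._frag_end.get(key)
            if seen_end is not None and p.frag_offset < seen_end:
                marks.append("T")   # fragment overlaps bytes already received
            if p.more_fragments:
                self._frag_end[key] = max(seen_end or 0, p.frag_offset + p.length)
            else:
                self._frag_end.pop(key, None)   # last fragment: drop the state

        first_piece = p.frag_offset == 0     # only this piece carries the port
        probe = is_syn or p.proto == "udp"
        if first_piece and probe and p.dport not in self.open_ports:
            marks.append("U")                                # S6 port scan
        return marks


def run_constructed_sample():
    """Classify constructed packets (documentation addresses, not captures)."""
    m = IntrusionMatcher(open_ports={22, 53, 443}, syn_threshold=3)
    a, v, w = "198.51.100.7", "192.0.2.10", "192.0.2.20"
    syn = frozenset({"SYN"})
    packets = [
        Packet(0.0, v, v, dport=443, flags=syn),                        # src == dst
        Packet(0.1, a, v, dport=139, flags=frozenset({"URG", "ACK"})),  # URG to 139
        Packet(0.2, a, v, "icmp", ip_id=7, frag_offset=65528, length=100),
        Packet(0.3, a, v, "udp", 53, ip_id=9, more_fragments=True, length=36),
        Packet(0.4, a, v, "udp", ip_id=9, frag_offset=24, length=4),    # overlap
        Packet(0.5, a, v, dport=8081, flags=syn),                       # closed port
    ] + [Packet(1.0 + i / 100, a, w, dport=443, flags=syn) for i in range(4)]
    return [m.classify(p) for p in packets]


if __name__ == "__main__":
    print(run_constructed_sample())
```

Rule S6 as written flags every single request to an unused port; counting distinct ports per source over a time window before raising U would cut the noise from stray traffic.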
The virus attack detection module comprises an operation speed detection unit, a system resource detection unit and a file integrity detection unit, wherein the operation speed detection unit comprises a system starting speed detection unit, a file opening speed detection unit and a program loading speed detection unit.
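The file integrity check in steps W1 to W3 amounts to hashing every file, comparing against a stored digest database and reporting the differing share E. The following Python is an added example, not code from the patent; SHA-256, the function names, counting a deleted file as differing, and reporting files absent from the database separately are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, chunk_size=65536):
    """W1: SHA-256 of one file, read in chunks so large files fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_digest_db(root):
    """Digest database: relative path -> hex digest for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def integrity_ratio(root, digest_db):
    """W2/W3: compare current digests with the database and compute E.

    Returns (E, differing, unknown). A file that is in the database but
    missing on disk counts as differing (assumption). Files not present in
    the database are listed in `unknown` and do not enter E (assumption).
    """
    current = build_digest_db(root)
    differing = sorted(name for name, digest in digest_db.items()
                       if current.get(name) != digest)
    unknown = sorted(set(current) - set(digest_db))
    e = len(differing) / len(digest_db) if digest_db else 0.0
    return e, differing, unknown


def constructed_demo():
    """Build a constructed four-file tree, alter it, and measure E."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        for name, body in [("bin/app", b"v1"), ("bin/lib.so", b"lib"),
                           ("conf.ini", b"a=1"), ("readme.txt", b"hi")]:
            (root / name).write_bytes(body)
        db = build_digest_db(root)                        # trusted baseline

        (root / "bin/app").write_bytes(b"v1-modified")    # content changed
        (root / "readme.txt").unlink()                    # file removed
        (root / "new_file.tmp").write_bytes(b"x")         # not in the database
        return integrity_ratio(root, db)


if __name__ == "__main__":
    print(constructed_demo())
```

The comparison is only as trustworthy as the digest database: if it is stored on the same writable disk as the monitored files, whoever can alter a file can alter its recorded digest as well.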
The data storage module is used for storing system data, the data storage module comprises an internal storage hard disk, an internal standby hard disk and an external storage hard disk, and a network on-off control module is arranged between the data storage module and the server.
The early warning display module comprises an intelligent terminal and an alarm lamp, the intelligent terminal comprises an intelligent mobile phone, an intelligent display and a notebook computer, the early warning display module is connected with the server through the Ethernet, when the server receives a hacker intrusion instruction, the server sends the hacker intrusion display instruction and an intrusion mode to the intelligent terminal, and the alarm lamp is set to be red; when the server receives a virus attack instruction, the server sends a virus attack display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be blue; when the server receives the system protection instruction, the server sends the system protection display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be yellow.
The network on-off control module is used for controlling whether the data storage module is accessed, controlling the internal storage hard disk and the external storage hard disk to be simultaneously connected with the server when the server does not receive a hacker intrusion instruction and a virus attack instruction, and controlling the connection between the internal storage hard disk and the server to be cut off and keeping the connection between the external storage hard disk and the server when the server receives the hacker intrusion instruction and the virus attack instruction.
The system further comprises a fingerprint identification module, the fingerprint identification module comprises a fingerprint acquisition unit, a fingerprint feature library, a fingerprint analysis unit and a result display unit, the fingerprint identification module is used for comparing and matching the fingerprint information of the visitor with the fingerprint information in the fingerprint library, and the specific comparison steps are as follows:
n1: fingerprint information of a specific person is acquired through a fingerprint acquisition unit, and the fingerprint characteristic information after characteristic extraction is sent to a fingerprint characteristic library, wherein the specific person is a person allowed to enter a space where a system is located;
n2: fingerprint information of the visitor is collected through a fingerprint collecting unit, and the fingerprint characteristic information after characteristic extraction is sent to a fingerprint analyzing unit;
n3: the fingerprint analysis unit compares the fingerprint characteristic information of the visitor with the fingerprint characteristic information in the fingerprint characteristic library one by one, if the matching is successful, the result display unit displays that the matching is successful, otherwise, the result display unit displays that the matching is failed.
The system also comprises an image recognition module, wherein the image recognition module comprises an image acquisition unit, a facial information feature library, an image analysis unit and a result display unit, the image recognition module is used for comparing and matching the facial information of the visitor with the facial information in the facial information feature library, and the specific comparison steps are as follows:
m1: the method comprises the steps that facial information of a specific person is collected through an image collecting unit, and the facial feature information after feature extraction is sent to a facial information feature library, wherein the specific person is a person allowed to enter a space where a system is located;
m2: the method comprises the steps that facial information of a visitor is collected through an image collecting unit, and the facial feature information subjected to feature extraction is sent to an image analyzing unit;
m3: the image analysis unit compares the facial feature information of the visitor with the facial feature information in the facial information feature library one by one, if the matching is successful, the result display unit displays that the matching is successful, otherwise, the result display unit displays that the matching is failed.
The above formulas are all quantitative calculations; each was obtained by collecting a large amount of data and running software simulations to approximate the real situation as closely as possible, and the preset parameters in the formulas are set by those skilled in the art according to the actual situation.
The working principle of the invention is as follows:
starting a hacker intrusion detection module, analyzing the received data packet through the hacker intrusion detection module, comparing and matching an analysis result with an attack mode in a characteristic attack library, and if matching is successful, sending a hacker intrusion instruction to a server;
starting the virus attack detection module, detecting the starting speed $V_q$ of the system through the system starting speed detection unit, detecting the opening speed $V_d$ of files in the system through the file opening speed detection unit, detecting the program loading speed $V_j$ in the system through the program loading speed detection unit, and obtaining the running speed $V$ through a formula; detecting the resource occupancy rate $Z$ in the system through the system resource detection unit; detecting the integrity of the files stored in the system through the file integrity detection unit, marking the proportion of files whose digital abstract differs from the digital abstract database, relative to the total number of files, as $E$, and acquiring a virus threat coefficient $B$ through a formula; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
starting the system protection detection module, detecting the starting state $Q$ and update state $G_F$ of the firewall through the firewall detection unit, detecting the update state $G_T$ of the intrusion feature library through the intrusion feature library detection unit, and obtaining a system protection safety coefficient $F$ through a formula; when the system protection safety coefficient is larger than a set threshold value, the system protection detection module sends a system protection instruction to the server;
when the server receives a hacker intrusion instruction, the early warning display module displays an intrusion mode and sets an alarm lamp to be red, and meanwhile, the network on-off control module cuts off the connection between the internal storage hard disk and the server; when the server receives a virus attack instruction, the early warning display module displays a virus attack prompt and sets the alarm lamp to be blue, and meanwhile, the network on-off control module cuts off the connection between the internal storage hard disk and the server; when the server receives a system protection instruction, the early warning display module displays a system protection prompt and sets the alarm lamp to be yellow.
The foregoing is merely exemplary and illustrative of the present invention and various modifications, additions and substitutions may be made by those skilled in the art to the specific embodiments described without departing from the scope of the invention as defined in the following claims.
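The file integrity check that yields E can be sketched as follows. This is an added example, not code from the patent; SHA-256 as the hash algorithm, a missing file counting as a differing digest, and files absent from the database being reported separately rather than counted in E are all assumptions.

```python
import hashlib
from pathlib import Path


def file_digest(path, chunk_size=65536):
    """Digest of one file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()  # assumption: the text only says "a Hash algorithm"
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_digest_database(root):
    """Record a known-good digest for every file under root (the digest database)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def integrity_ratio(root, database):
    """Return (E, differing, untracked) for the files under root.

    E is the number of database entries whose current digest differs,
    divided by the total number of database entries.
    """
    root = Path(root)
    differing = []
    for rel, expected in sorted(database.items()):
        path = root / rel
        # Assumption: a file that has been deleted counts as differing.
        actual = file_digest(path) if path.is_file() else None
        if actual != expected:
            differing.append(rel)
    on_disk = {p.relative_to(root).as_posix()
               for p in root.rglob("*") if p.is_file()}
    # Files with no database entry cannot be compared; report them separately.
    untracked = sorted(on_disk - set(database))
    e = len(differing) / len(database) if database else 0.0
    return e, differing, untracked
```

The digest database has to be stored where the monitored system cannot rewrite it, otherwise a modified file and its recorded digest can be changed together and E stays at zero.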

Claims (8)

1. A computer network security control system is characterized by comprising a server, a hacker intrusion detection module, a virus attack detection module, a system protection detection module, a data storage module, a network on-off control module, a power supply module and an early warning display module;
the hacker intrusion detection module analyzes the data packets of hacker intrusions, establishes an intrusion characteristic library, and compares and matches each received data packet against the intrusion characteristic library; the specific detection steps are as follows:
step one: establishing an intrusion characteristic library by analyzing the intrusion modes of hackers;
step two: analyzing the data packets received by the system, and comparing and matching the analysis result with the attack modes in the intrusion feature library; if the matching is successful, sending a hacker intrusion instruction to the server together with the mark corresponding to the attack mode; if the matching is unsuccessful, the hacker intrusion detection module does not respond;
step three: the characteristic database and the sent hacker intrusion instruction record are sent to a data storage module through a server;
the virus attack detection module is used for detecting whether a system is attacked by viruses or not, and the specific detection steps are as follows:
q1: the starting speed of the system is detected by the system starting speed detection unit and is marked as $V_q$; the opening speed of files in the system is detected by the file opening speed detection unit and is marked as $V_d$; the loading speed of programs in the system is detected by the program loading speed detection unit and is marked as $V_j$;
Q2: by the formula
Figure FDA0002621035510000011
Acquiring an operation speed V, wherein alpha, beta and gamma are specific proportionality coefficients;
q3: counting the resource occupation condition in the system through a system resource detection unit, and marking the resource occupation rate as Z;
q4: the integrity of the files stored in the system is verified through the file integrity detection unit, wherein the file integrity detection unit is provided with a digital digest database of the files, and the specific verification steps are as follows:
w1: calculating the digital digest of each file in the system through a Hash algorithm;
w2: comparing the calculated digital digest with the digital digest of the corresponding file in the digital digest database;
w3: counting the number of files whose calculated digital digest differs from the digital digest database, and marking the proportion of that number to the total number of files as E;
q4: by the formula B = V.e-·Z+E, acquiring a virus threat coefficient B, wherein the virus threat coefficient B is a specific proportionality coefficient;
q5: when the virus threat coefficient is less than or equal to a preset threshold value, the virus attack detection module does not respond; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
q6: sending the virus threat coefficient and the record for sending the virus attack instruction to a data storage module through a server;
the system protection detection module comprises a firewall detection unit and an intrusion feature library detection unit, and the specific detection steps are as follows:
r1: detecting the starting state and the updating state of the system firewall through the firewall detection unit; marking the starting state Q of the firewall as "1" when the firewall is started, and as "0" when the firewall is not started; marking the update state $G_F$ of the firewall as "1" when the firewall has been updated, and as "0" when the firewall has not been updated;
r2: detecting the update state of the intrusion feature library through the intrusion feature library detection unit; marking the update state $G_T$ of the intrusion feature library as "1" when the intrusion feature library has been updated, and as "0" when it has not been updated;
r3: acquiring the system protection safety factor F by the formula $F = Q \cdot G_F \cdot G_T$; when the system protection safety factor is smaller than or equal to the set threshold value, the system protection detection module does not respond; and when the system protection safety factor is greater than the set threshold value, the system protection detection module sends a system protection instruction to the server.
2. The computer network security control system of claim 1, wherein the power supply module is configured to supply power to each module of the system, the power supply module includes a main power source and a backup power source, the main power source is used for supplying power for each module of the system during daily operation, the backup power source is activated when the main power source fails to operate in case of emergency, the power supply module independently supplies power to the pre-warning display module and the data storage module, and a power on-off control module is disposed between the power supply module and each module.
3. The computer network security control system of claim 1, wherein the hacking methods include Land attack, TCP SYN attack, Ping of Death attack, WinNuke attack, Teardrop attack, and TCP/UDP port scan attack, and the specific analysis steps include:
s1: when the source address and the target address of the data packet are the same, judging that the attack mode is Land attack, and marking it as L;
s2: when the SYN connections received in unit time exceed a threshold value set by the system, judging that the attack mode is TCP SYN attack, and marking it as S;
s3: when the size of the data packet is larger than 65535 bytes, judging that the attack mode is Ping of Death attack, and marking it as D;
s4: when the target port of the data packet is 137, 138 or 139 and the URG bit is 1, judging that the attack mode is WinNuke attack, and marking it as W;
s5: when the fragment offset of fragmented data in the data packet is wrong, judging that the attack mode is Teardrop attack, and marking it as T;
s6: when the data packet sends a connection request to an unused port, judging that the attack mode is TCP/UDP port scanning attack, and marking it as U.
4. The computer network security control system of claim 1, wherein the virus attack detection module comprises a running speed detection unit, a system resource detection unit and a file integrity detection unit, and the running speed detection unit comprises a system start speed detection unit, a file open speed detection unit and a program load speed detection unit.
5. The computer network security control system of claim 1, wherein the data storage module is configured to store system data, the data storage module includes an internal storage hard disk, an internal backup hard disk and an external storage hard disk, and a network on-off control module is disposed between the data storage module and the server.
6. The computer network security control system according to claim 1, wherein the early warning display module comprises an intelligent terminal and an alarm lamp, the intelligent terminal comprises a smart phone, an intelligent display and a notebook computer, the early warning display module is connected with the server through an ethernet, when the server receives a hacker intrusion instruction, the server sends the hacker intrusion display instruction and an intrusion mode to the intelligent terminal, and the alarm lamp is set to be red; when the server receives a virus attack instruction, the server sends a virus attack display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be blue; when the server receives the system protection instruction, the server sends the system protection display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be yellow.
7. The computer network security control system of claim 1, wherein the network on-off module is configured to control whether the data storage module is accessed, and when the server does not receive the hacking instruction and the virus attack instruction, the network on-off control module controls the internal storage hard disk and the external storage hard disk to be simultaneously connected to the server, and when the server receives the hacking instruction and the virus attack instruction, the network on-off control module controls to disconnect the internal storage hard disk from the server and maintain the connection between the external storage hard disk and the server.
8. The computer network security control system of claim 1, wherein the control method of the system comprises the steps of:
step one: starting the hacker intrusion detection module, analyzing the received data packet through the hacker intrusion detection module, comparing and matching the analysis result with the attack modes in the characteristic attack library, and if the matching is successful, sending a hacker intrusion instruction to the server;
step two: starting the virus attack detection module: detecting the starting speed $V_q$ of the system through the system starting speed detection unit, detecting the opening speed $V_d$ of files in the system through the file opening speed detection unit, detecting the program loading speed $V_j$ in the system through the program loading speed detection unit, and by the formula
Figure FDA0002621035510000051
acquiring the running speed V; detecting the resource occupancy rate Z in the system through the system resource detection unit; detecting the integrity of the files stored in the system through the file integrity detection unit, marking as E the proportion of files whose calculated digital digest differs from the digital digest database to the total number of files, and by the formula B = V.e-·Z+E acquiring the virus threat coefficient B; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
step three: starting the system protection detection module: detecting the start state Q and the update state $G_F$ of the firewall through the firewall detection unit, detecting the update state $G_T$ of the intrusion feature library through the intrusion feature library detection unit, and by the formula $F = Q \cdot G_F \cdot G_T$ obtaining the system protection safety factor F; when the system protection safety factor is larger than the set threshold value, the system protection detection module sends a system protection instruction to the server;
step four: when the server receives a hacker intrusion instruction, the early warning display module displays an intrusion mode and sets an alarm lamp to be red, and meanwhile, the network on-off control module cuts off the connection between the internal storage hard disk and the server; when the server receives a virus attack instruction, the early warning display module displays a virus attack prompt and sets the alarm lamp to be blue, and meanwhile, the network on-off control module cuts off the connection between the internal storage hard disk and the server; when the server receives a system protection instruction, the early warning display module displays a system protection prompt and sets the alarm lamp to be yellow.
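The six matching rules S1 to S6 of claim 3 and their marks, as an added example that is not code from the patent. The `Packet` record layout, the `listening_ports` set, the threshold values, reading the S3 size as header plus fragment end offset, and reading a "wrong" offset in S5 as an overlap with an earlier fragment are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535          # byte limit from step S3
IP_HEADER = 20                   # IPv4 header without options (assumption)
NETBIOS_PORTS = {137, 138, 139}  # target ports named in step S4

@dataclass
class Packet:
    """Parsed header fields; this record layout is constructed for the example."""
    ts: float                 # capture time, seconds
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    dport: int = 0
    syn: bool = False
    ack: bool = False
    urg: bool = False
    ip_id: int = 0            # groups the fragments of one datagram
    more_frags: bool = False  # IP "more fragments" flag
    frag_offset: int = 0      # fragment offset in bytes
    payload_len: int = 0      # IP payload bytes in this packet or fragment

class AttackModeMatcher:
    def __init__(self, listening_ports, syn_threshold=100, unit_time=1.0):
        self.listening_ports = set(listening_ports)  # ports in use (assumed known)
        self.syn_threshold = syn_threshold           # S2 threshold (assumed value)
        self.unit_time = unit_time                   # S2 unit time, seconds (assumed)
        self._syn_times = defaultdict(deque)         # dst -> recent SYN timestamps
        self._frags = defaultdict(list)              # (src, dst, ip_id) -> [(start, end)]

    def match(self, p):
        """Return the claim 3 marks triggered by packet p, in S1..S6 order."""
        marks = []
        if p.src == p.dst:                                    # S1: Land
            marks.append("L")
        new_conn = p.proto == "tcp" and p.syn and not p.ack
        if new_conn:                                          # S2: TCP SYN attack
            times = self._syn_times[p.dst]
            times.append(p.ts)
            while p.ts - times[0] > self.unit_time:           # drop SYNs outside the window
                times.popleft()
            if len(times) > self.syn_threshold:
                marks.append("S")
        start, end = p.frag_offset, p.frag_offset + p.payload_len
        if IP_HEADER + end > MAX_IP_DATAGRAM:                 # S3: only fragments can exceed it
            marks.append("D")
        if p.proto == "tcp" and p.urg and p.dport in NETBIOS_PORTS:  # S4: WinNuke
            marks.append("W")
        if p.more_frags or p.frag_offset > 0:                 # S5: Teardrop (overlap)
            seen = self._frags[(p.src, p.dst, p.ip_id)]
            if any(start < e and s < end and (s, e) != (start, end) for s, e in seen):
                marks.append("T")
            seen.append((start, end))
        probe = p.frag_offset == 0 and (new_conn or p.proto == "udp")
        if probe and p.dport not in self.listening_ports:     # S6: port scan
            marks.append("U")
        return marks

def demo():  # two constructed packets: a Land packet and a WinNuke packet
    m = AttackModeMatcher(listening_ports={80, 443})
    land = Packet(0.0, "10.0.0.5", "10.0.0.5", "tcp", dport=80, syn=True)
    nuke = Packet(0.1, "192.0.2.7", "10.0.0.5", "tcp", dport=139, ack=True, urg=True)
    return [m.match(land), m.match(nuke)]
```

The per-destination SYN timestamps and per-datagram fragment lists grow without bound here; a deployed matcher would expire them on a timer.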
CN202010783414.1A 2020-08-06 2020-08-06 Computer network safety control system and control method thereof Withdrawn CN112087429A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010783414.1A CN112087429A (en) 2020-08-06 2020-08-06 Computer network safety control system and control method thereof

Publications (1)

Publication Number Publication Date
CN112087429A true CN112087429A (en) 2020-12-15

Family

ID=73735431

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010783414.1A Withdrawn CN112087429A (en) 2020-08-06 2020-08-06 Computer network safety control system and control method thereof

Country Status (1)

Country Link
CN (1) CN112087429A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 545000 1603-04, Xincheng Zhibu building, 111 Xinliu Avenue, Liuzhou City, Guangxi Zhuang Autonomous Region

Applicant after: Liuzhou Suwen Information Technology Co.,Ltd.

Address before: Room 705, building 2, Guantang R & D center, No. 10, Shuangren Road, Liudong New District, Yufeng District, Liuzhou City, Guangxi Zhuang Autonomous Region

Applicant before: Liuzhou Fengyasang Technology Co.,Ltd.

WW01 Invention patent application withdrawn after publication

Application publication date: 20201215